Merge pull request #294779 from yash177-maker1/docs-editor/architecture-network-design-co-1739841566

prmerger-automator[bot] · web-flow · commit ec7160a7fc28 · 2025-02-28T17:45:08.000Z
Update architecture-network-design-considerations.md
diff --git a/articles/azure-vmware/architecture-network-design-considerations.md b/articles/azure-vmware/architecture-network-design-considerations.md
@@ -24,12 +24,33 @@ Due to asymmetric routing, connectivity issues can occur when Azure VMware Solut
 For AS-Path Prepend, consider the following prerequisites:
 
 > [!div class="checklist"]
-> * The key point is that you must prepend **Public** ASN numbers to influence how Azure VMware Solution routes traffic back to on-premises. If you prepend using _Private_ ASN, Azure VMware Solution will ignore the prepend, and the ECMP behavior mentioned previously will occur. Even if you operate a Private BGP ASN on-premises, it's still possible to configure your on-premises devices to utilize a Public ASN when prepending routes outbound, to ensure compatibility with Azure VMware Solution.
-> * Design your traffic path for private ASNs after the public ASN to be honored by Azure VMware Solution. The Azure VMware Solution ExpressRoute circuit doesn't strip any private ASNs that exist in the path after the public ASN is processed.
-> * Both or all circuits are connected to Azure VMware Solution through Azure ExpressRoute Global Reach.
-> * The same netblocks are being advertised from two or more circuits.
-> * You wish to use AS-Path Prepend to force Azure VMware solution to prefer one circuit over another.
-> * Use either 2-byte or 4-byte public ASN numbers.
+* The key point is that you must prepend **Public** Autonomous System Numbers (ASNs) to influence how Azure VMware Solution routes traffic back to on-premises. If you prepend using _Private_ ASN, Azure VMware Solution will ignore the prepend, and the ECMP behavior mentioned previously will occur. Even if you operate a Private BGP ASN on-premises, it's still possible to configure your on-premises devices to utilize a Public ASN when prepending routes outbound, to ensure compatibility with Azure VMware Solution.
+* Design your traffic path for private ASNs after the public ASN to be honored by Azure VMware Solution. The Azure VMware Solution ExpressRoute circuit doesn't strip any private ASNs that exist in the path after the public ASN is processed.
+* Both or all circuits are connected to Azure VMware Solution through Azure ExpressRoute Global Reach.
+* The same netblocks are being advertised from two or more circuits.
+* You want to use AS-Path Prepend to force Azure VMware solution to prefer one circuit over another.
+* Use either 2-byte or 4-byte public ASN numbers.
+
+
+## Reserved Private ASNs in Azure VMware Solution
+
+Azure VMware Solution utilizes specific private Autonomous System Numbers (ASNs) for its underlay network infrastructure. To prevent conflicts and ensure seamless network integration, customers **should not** use the following ASNs within their network configurations.
+
+### Reserved ASNs for Underlay Networking
+
+The following ASNs are reserved for internal Azure VMware Solution infrastructure and should be avoided by customers:
+
+- **Tier-2 ASNs:** 65300 – 65340
+
+- **Tier-1 ASNs:** 65200 – 65240
+
+- **Transport ASNs (T0 Gateways):** 64513 (NSX Edges), 64600 – 64940
+
+- **Management ASNs:** 65000 – 65412
+
+### Impact of Using Reserved ASNs
+
+Using any of the ASNs listed above in your environment may lead to BGP session failures, network routing conflicts, or service disruptions. Ensure that your ASN assignments do not overlap with these reserved values.
 
 ## Management VMs and default routes from on-premises
 
